Brief description of the project
The Helmholtz-Zentrum Hereon is planning to introduce, throughout the centre, a self-service portal for server and other IT services.
Currently, all requirements in the IT environment are handled manually or semi-automatically by the individual teams.
These processes are to be brought together in a self-service portal and fully automated.
Requirements for the service provider
The Information Technology division is looking for a service provider with relevant experience in the areas listed below:
- Planning and installation of the offered cloud management platform, or the automation and orchestration platform
- Implementation of user training
- Multi-factor authentication
- Single-Sign-On
- License and user management
- Automatic VM provisioning with Windows and Red Hat
- Design and automation of workflows
- Proficiency in German and English
Requirements for the service
The Information Technology division is looking for an automation and orchestration platform with the features listed below:
- VM Lifecycle
o Create VMs
o Operating system customization (name, IP, user, etc.)
Introduction of a self-service portal for IT services
specifications
o Resource adaptation (manual / semi-automated / fully automated) of
vCPUs, RAM, and disks
o Interaction with the operating system (defined scripts)
o Automatic runtime extension request by e-mail
o Dismantling of VMs and their dependencies (e.g. DNS entries)
- Kubernetes Namespace Lifecycle
o Creating namespaces
o Resource adaptation (manual / semi-automated / fully automated) of
CPUs, RAM, and hard drives
o Automatic runtime extension request by e-mail
o Deploying container images
o Dismantling of namespaces and their dependencies (e.g. DNS entries)
- IaaS Lifecycle (intangible services)
o Creation of intangible services by ...
- Add a user to an AD group
- a REST-API command
- well-known interfaces
o Removal of intangible services by ...
- Delete a user from an AD group
- a REST-API command
- well-known interfaces
- All VM processes are to be designed for Windows Server 2022 and Red Hat Enterprise Linux 8
- OpenShift is used as the Kubernetes distribution
- For billing, it must be possible to create your own models for all services
- Hereon's IT already uses extensive Ansible roles for its servers.
If possible, the processes used in the platform should be Ansible runs with the existing Ansible roles (e.g. via SSH or REST API).
Installation of a web server would be, for example, the basic installation plus the Ansible web server role.
It should be possible to trigger this independently of the process (directly when ordering or after installation).
- Hereon's IT uses GitLab for code versioning.
If possible, the code of the processes should be maintained in GitLab and only used by the platform.
If this is not possible, internal versioning including production and test paths is mandatory.
- Customized mail templates must be used for interactions with the customer
- Some processes use confirmation e-mails (e-mail to supervisors or IT) where
the orders/changes are approved.
The e-mail must contain a direct link to the open request.
- It must be possible to customize the frontend (customer side) to Hereon's specifications (colors, font, logos)
- The frontend must be usable as a normal web service (HTTPS) with SSO (without password entry)
- Authentication is done via SAML
- Customer and admin portals are subject to role-based access control.
- The entire solution is to be installed as an on-premise solution in Hereon's data center.
- The following interactions are required for the processes prepared by hereon:
o Full interaction with VMware vCenter 7.0U3
o Full interaction with VMware NSX 4.1
o Full interaction with Red Hat OpenShift
o REST (incl. processing of responses)
o Wait events and conditions
o Informative Mail (SMTP)
o Approval incl. notifications (by e-mail)
o Decisions based on quota, user context, or ordering options
o Triggering scripts in the target (e.g. a PowerShell script in the VM in Windows)
o Triggering of scripts in the automation for filling variables (e.g. a PowerShell script with an LDAP query)
- In addition to the owner, some services also require one or more power users, who are also allowed to take a snapshot of a VM, for example.
The owner has to configure this himself for each service.
- Reports of the services and resources used per organizational unit are needed.
- Transfer of existing VMs and namespaces including the stored contact persons and terms
Temporal scope
The work of the service provider should start as soon as possible. The main work is focused on the 2nd half of 2023. The installation can be started from approx. week 35 and is expected to be completed by the end of 2023.
Additional scope of services (accessories/additions)
- Concept of platform design included
- Network plan
- required resources
- Project plan with times and dependencies